We had originally planned to go all-in on passkeys for ONCE/Campfire, and we built the early authentication system entirely around that. It was not a simple setup! Handling passkeys properly is surprisingly complicated on the backend, but we got it done. Unfortunately, the user experience kinda sucked, so we ended up ripping it all out...
Any of the multi-platform password managers that support pass keys will solve this.
You walk into the vault on every platform and your pass keys are magically shared between every platform you’re logged into.
In any system that I’ve used pass keys for (which is every system that supports them), you can go into the password section and delete devices/passkeys.
To regenerate new passkeys they either support it directly in the spot where you deleted it or you log out log back in with username password and 2FA and it asks you again if you want to set up a passkey. I’ve not run into anything else.